Data giant Meta:
Between EU and US data protection law

Social media platforms and messenger services such as Facebook, Instagram or WhatsApp have become an integral part of our daily lives. Almost all of us are registered with at least one of these services these days. A look at the user figures from parent company Meta underscores this: In the first quarter of 2022, almost three billion users used one or more apps from the Meta network every day. The countless data that this generates every day is stored in 21 data centers worldwide. However, the US company has been criticized for years for its lack of data protection.

Meta threatened with data export ban

The Irish Data Protection Commission (DPC) now wants to prohibit Meta from continuing to store user data of EU citizens on servers in the United States. On July 07, 2022, the DPC announced that it will block the transfer of all data between Meta and the United States in the future.

The data protection authorities of the other European member states, however, were asked to comment on this within one month. A quick solution is not expected, however, as amendments can be made and Meta has the option of appealing. The DPC justifies its legislative proposal by arguing that the data protection regulations in the United States do not meet the high requirements of the European General Data Protection Regulation (GDPR).

Data protection in the EU & the USA

But how does data protection law in the USA actually differ from that in the EU? One major difference is that the U.S. does not yet have a comprehensive and uniform data protection law. While the EU member states have been legally bound to the the GDPR since 2018 and must ensure full implementation, data protection in the USA is regulated by sector-specific data protection laws. For the individual sectors, there are different regulations for the individual sectors.

The reason for the different approach: In the Unlike in the EU, the protection of personal data is not seen as a fundamental right in the USA. but as part of consumer protection law. Another key difference is that is that U.S. data protection law grants intelligence services far-reaching access to stored data. stored data.

This is how it continues for Meta

A new bilateral data protection agreement is currently being negotiated between the EU and the USA is being negotiated. Until then, there is a question mark over the storage and use of European user data by Meta. data on the part of Meta, especially as there are further hurdles that the U.S. company faces. faces. In March of this year, the EU Commission had introduced the Digital Service Acts (DSA) and the Digital Markets Act (DMA), which impose stricter rules and due diligence requirements on digital companies like Meta. were subject to stricter rules and due diligence requirements. Illegal social media content, for example, must now be now have to be removed immediately.

Cloud providers:
What to watch out for

The storage of customer data on servers abroad is now also a common practice with many cloud providers has become a common practice. It is often not possible to exclude the possibility that sensitive data is passed on to governments and other third parties.

This is even more true since the enactment of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) in This law empowers U.S. law enforcement agencies to access customer data from IT service providers, even if the data is stored outside the United States. are stored. This means, for example, that a cloud provider from the U.S. that stores its data in a data center in Europe.

In order to be able to rule out the possibility of personal data being passed on to third third parties, it is therefore essential for companies to use a German cloud provider. cloud provider. This provider should be 100% DSGVO-compliant and host the data of its customers' data exclusively in German data centers.